I'm fairly sure I have a virus, help!

B

blackhalo15

Booby Pie
Joined
Aug 7, 2003
Messages
209
I am fairly sure I have a virus, but I don't know what it is, or where I got it from. Because I have my Norton Antivirus set for auto-protect, but it was showing up on the taskbar with a red "X" across it, and when I tried to open it, it opened, for about 5 seconds, then closed. I'm pretty sure that nobody in my household has been looking at pornography, (I heard that's where most viruses come from.) but I have been to a few websites that will teach me programming. But they aren't illegal or anything, just sites that show me how to program with C#. I have downloaded quite a few things, but scanned them all before I ran them. These are the key names that are in the "run" key, or sub-key. (Whatever it is, I'm a bit of a moron, sorry if there's any confusion.)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

(Default)
Advanced Tools Check
AutoLogon
CARPService
ccApp
CPQEASYACC
iamapp
Microsoft Works Portfolio
Microsoft Works Update Section
NAV CfgWiz
QuickTime Task
Smapp
srmclean
WCOLOREAL
 
Well, I have Norton AntiVirus as well ('03 and '04!!!), all i can reccomend is run the Virus detection thingie, that usually does a good job. Or get SpyBot, or AdAware, something like those . . .
 
It disabled Norton Antivirus, but I did a "House Call" from Trend Micro. It found the virus, and it supposedly deleted it, but I restarted my computer, and there it was. It was an application that was supposed to be an mp3 from lyricsdomain.com. Do NOT download from lyricsdomain.com. They are bad, very bad. I manually deleted it, and I don't think they left anything in the registry, but the little bastard of a virus made itself supervisor for Norton, so I can't log on as supervisor to change it back to where autoprotect is on and I can do scans again. Because (a), I deleted the virus, and (b), I don't have the trojan client to get the supervisor password, and (c), every time I open Norton, it automaticly closes itself. But, this is what I found out about the virus. It is called TrojanDownloader.win32.Small.m, also known as win32/udepo. And here's how to get rid of it.

If you're not at you're desktop, go there. First, go to start, then right click on "My Computer". Click the "System Restore" tab. Then check the box for "Turn off System Restore". Then exit out of that, and go back to the desktop and double click internet explorer. Go to "Tools". (Tools option is included in the bar of browser options between "favorites" and "help".) Go to "Internet Options". Delete your temporary internet files. (The button doesn't say "Delete Temporary Internet Files", it says "Delete Files", and check the box for "Delete Offline Content".) Delete your cookies. Delete your history. Then, beside of the "Delete Files" button, click the "Settings" button. Then, near the bottom, click the "View Files" button. And look for any applications from lyricsdomain.com. If you find any, delete them. In fact, if you find anything from lyricsdomain.com, whether it be an application or not, delete it. Restart your computer. Then repeat the steps that you just went through, and if the application keeps reloading itself, then it has made itself a startup item. That's where the fun begins. You will have to play with the registries. If the application is programmed to run on startup, then go to start->run, and type "regedit". And then navigate to run. (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) Now look on the right side of the window, and look under "name". If you see anything suspicious, then look beside it, under "data". If it is coming from the application you downloaded from lyricsdomain.com, then delete it. Then go and repeat the steps that you must take through Internet Explorer to delete the application. Then restart your computer. Your computer should now be rid of the virus. Now, the virus was written to somehow make itself a supervisor for Norton Antivirus software. And since you can't log on as that supervisor, you can't turn autoprotect on, or scan your computer for viruses, because Norton Antivirus will close right after it's opened. So, you must uninstall it, and reinstall it over again. And change the settings back to the way that you want them. To uninstall Norton Antivirus, you must go <a href="http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606">
here</a>, then download and run "Rnav2003.exe".
 
Oh, so this little ba*tard actually overrides Norton AntiVirus (NAV), and does not let NAV work?!?!?! Yikes, quite scary. Which version of NAV do you have? '03? '04? Could someone who knows more about this stuff tell me if this SOB will override two NAV's installed. Dang it anyway, I am gonna have to DL SpyBot or something. Dang, those bloody nimrods who makes these stupid things should be lined up against a wall and shot, or given a real job, or something. They should be labelled as terrorists, creating viruses to screw up our computers, honestly.

Now, it could be a scheme by the AntiVirus companies to make more money that got out of hand, but seriously, I do NOT understand what possesses people to do such things . . . other then to torment us, of course. Bah, gets me pissed off. What a waste, what a sheer, utter waste . . .

[/rant]

EDIT: I am fairly sure I got a virus with Internet Exploder, as it refuses to function now, I mean, it will not even open. Also, it crashed my machine a few months ago, before I saw the light and converted to Mozilla. Ahh . . . Mozilla . . . perfection truly found . . .
 
Spybot and AdAware, as good as they are, usually aren't much help with trojans. Run a good antivirus (note that Grisoft has a free version that many people have said good things about, www.grisoft.com), run a firewall (ZoneAlarm has a free version), and if you're on broadband run a hardware firewall as well (LinkSys or NetGear, among others). Oh and ditto on Mozilla, Firefox browser rocks.
 
Originally posted by RealGoober
Oh, so this little ba*tard actually overrides Norton AntiVirus (NAV), and does not let NAV work?!?!?! Yikes, quite scary. Which version of NAV do you have? '03? '04? Could someone who knows more about this stuff tell me if this SOB will override two NAV's installed. Dang it anyway, I am gonna have to DL SpyBot or something. Dang, those bloody nimrods who makes these stupid things should be lined up against a wall and shot, or given a real job, or something. They should be labelled as terrorists, creating viruses to screw up our computers, honestly.

Now, it could be a scheme by the AntiVirus companies to make more money that got out of hand, but seriously, I do NOT understand what possesses people to do such things . . . other then to torment us, of course. Bah, gets me pissed off. What a waste, what a sheer, utter waste . . .

[/rant]

EDIT: I am fairly sure I got a virus with Internet Exploder, as it refuses to function now, I mean, it will not even open. Also, it crashed my machine a few months ago, before I saw the light and converted to Mozilla. Ahh . . . Mozilla . . . perfection truly found . . .
Click to expand...

Well, I also had a virus that would close my internet explorer. But, it also tried to delete some of my dll files to. And if you didn't get rid of it, then it might unfortunately be doing the same thing to yours. I suggest going to trendmicro.com and doing a housecall. That's usually what I do, and it usually works. If not, then it's time to pull out the "heavy duty kick a** virus removal tool". The system restore CD. Ahh, the joys of the internet. So far, these are the types of sites that I have got virus' from. Porn, if you look at it on the internet, you're asking, "please someone send me a virus". Mp3 sites, again, "please someone send me a virus", and finally, programming sites, you know, sites that give programming tutorials. I've only got one from a site like this, but I'm not going to anymore, I'm gonna save up and buy a book.

BTW, I have Norton Antivirus 2004 Professional, and update it at least once a week. Ad-aware didn't find it, but I don't think ad aware finds things like that. I think adaware is mainly for cookies and registry entries, not sure though.
 
The f-prot antivirus program (the DOS version is free) is worth trying as well. It flagged Trojans in my Linux Mandrake system as well (Linux does need a firewall). The signature updates are frequent through their email notification service.
 
Originally posted by blackhalo15
Well, I also had a virus that would close my internet explorer. But, it also tried to delete some of my dll files to. And if you didn't get rid of it, then it might unfortunately be doing the same thing to yours. I suggest going to trendmicro.com and doing a housecall. That's usually what I do, and it usually works. If not, then it's time to pull out the "heavy duty kick a** virus removal tool". The system restore CD. Ahh, the joys of the internet. So far, these are the types of sites that I have got virus' from. Porn, if you look at it on the internet, you're asking, "please someone send me a virus". Mp3 sites, again, "please someone send me a virus", and finally, programming sites, you know, sites that give programming tutorials. I've only got one from a site like this, but I'm not going to anymore, I'm gonna save up and buy a book.

BTW, I have Norton Antivirus 2004 Professional, and update it at least once a week. Ad-aware didn't find it, but I don't think ad aware finds things like that. I think adaware is mainly for cookies and registry entries, not sure though.
Click to expand...

Ohh, the three kinda sites I DO NOT go to, how interesting. And I was getting tired of internet Exploder anyway, all those friggen popups consistantly. I have found EVERYTHING else works on my machine, and I mean everything it is only Internet Exploder that seemed to be infected. Trust me, I checked EVERYTHING. I have also taken out Imesh recently (on a side note), how can i get rid of the Spyware left behind, if any? SpyBot, Adaware, will those suffice?

And ahh crap, you have NAV '04 Pro. Dang it, I just have the regular one. Well, i will just keep an eye out for the little b*stard . . .
 
There are a lot of Trojans and viruses out there that will try to shut down Norton, McAfee and any other antivirus program. Worse, just when you think you've got 'em beat, they pop right back up again...especially when it comes to spyware.

Spybot and Adaware are antiadware and antispyware programs and won't do much good against Trojans, worms and viruses.

Another good product for antispyware is Hijack This. Go to Snapfiles.com and take a gander, specifically the freeware section. The bonus is that there are a couple of forums out there that will review your Hijack This log and tell you what you need to do.

Another decent site for information about adware and spyware is PestPatrol.com. They track and list all kinds of information for dealing with this garbage.

McAfee (nai.com) also has a removal tool called Stinger. It's a dandy little piece of freeware that can do a lot in an emergency. Plus, it is constantly updated.
 
You must log in or register to reply here.

Similar threads

T
Am I A Civfanatic?
Replies
7
Views
419
Broken_Erika
Broken_Erika
Mustakrakish
Help me design a mod to allow civilizations to persist through the ages
Replies
4
Views
858
Mustakrakish
Mustakrakish
sqwishy
Modifying plot help width
Replies
14
Views
1K
Nightinggale
Nightinggale
G
Leader can represent not only a specific person, but also a nation - and I prefer to see Civ7 in this way
Replies
10
Views
2K
vorlon_mi
vorlon_mi
L
[Civ2] Running Civ2 MGE on a Linux Virtual Machine
Replies
9
Views
3K
Civilizator-2
C
Back
Top Bottom